Known Vulnerabilities for products from Apereo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Apereo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-43821 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.7 - HIGH | 2021-12-14 | 2021-12-20 |
| CVE-2021-43807 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2021-12-14 | 2021-12-20 |
| CVE-2021-42567 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2021-12-07 | 2021-12-09 |
| CVE-2021-32623 | Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 a... | 6.5 - MEDIUM | 2021-06-16 | 2021-06-23 |
| CVE-2021-21318 | Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before... | 5.4 - MEDIUM | 2021-02-18 | 2021-02-26 |
| CVE-2020-27178 | Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys wit... | 7.5 - HIGH | 2020-10-16 | 2021-07-21 |
| CVE-2020-26234 | Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Open... | 4.8 - MEDIUM | 2020-12-08 | 2020-12-10 |
| CVE-2020-5231 | In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not... | 6.5 - MEDIUM | 2020-01-30 | 2020-02-10 |
| CVE-2020-5230 | Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be probl... | 7.5 - HIGH | 2020-01-30 | 2020-02-10 |
| CVE-2020-5229 | Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore... | 8.1 - HIGH | 2020-01-30 | 2020-02-05 |
| CVE-2020-5228 | Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is pa... | 7.5 - HIGH | 2020-01-30 | 2020-02-05 |
| CVE-2020-5222 | Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an addition... | 8.8 - HIGH | 2020-01-30 | 2020-02-05 |
| CVE-2020-5206 | In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper aut... | 10 - CRITICAL | 2020-01-30 | 2020-02-05 |
| CVE-2019-10754 | Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for toke... | 8.1 - HIGH | 2019-09-23 | 2019-09-24 |
| CVE-2018-1000836 | bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient... | 9 - CRITICAL | 2018-12-20 | 2019-02-07 |
| CVE-2018-20000 | Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local fil... | 7.5 - HIGH | 2018-12-10 | 2019-01-24 |
| CVE-2017-1000221 | In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and ... | 6.5 - MEDIUM | 2017-11-17 | 2019-10-03 |
| CVE-2017-1000071 | Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authent... | 8.1 - HIGH | 2017-07-17 | 2019-10-03 |
| CVE-2015-1169 | Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via... | 7.5 - HIGH | 2015-02-10 | 2015-02-11 |
| CVE-2014-4172 | A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Jav... | 9.8 - CRITICAL | 2020-01-24 | 2020-02-12 |
Known software with vulnerabilities from Apereo
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Apereo | .net Cas Client | 1.0.2 |
| Application | Apereo | Bedework | 3.4.1 |
| Application | Apereo | Bw-calendar-engine | 3.12.0 |
| Application | Apereo | Bw-webdav | 3.4.1 |
| Application | Apereo | Cas Server | 3.4.12.1 |
| Application | Apereo | Central Authentication Service | 3.0 |
| Application | Apereo | Java Cas Client | 3.3.2 |
| Application | Apereo | Opencast | 1.3.0 |
| Application | Apereo | Phpcas | 0.2 |
| Application | Apereo | Uportal | 3.2.5 |
Popular searches for "Apereo"
Welcome to Apereo | Apereo
www.jasig.orgWelcome to Apereo | Apereo Xerte makes it easy to create rich, interactive learning content as part of a team. At the University of Nottingham learning technologists, media specialists, software developers and teachers use Xerte's collaborative workflow to create pedagogically sound, rich interactive learning content - playable anywhere. Sakai's flexibility and freedom from licensing costs provided a one-stop way to onboard incoming freshmen and transfer students, and dramatically reduce cost and effort. After reviewing their options, SPC adopted Apereo Student Success Plan SSP .
www.apereo.org www.ja-sig.org/products/cas www.apereo.org www.ja-sig.org apereo.org apereo.org www.ja-sig.org/products/cas/index.html www.ja-sig.org/facebook www.ja-sig.org/products Interactive Learning Student Content (media) Workflow Learning Programmer Technology Pedagogy University of North Carolina at Chapel Hill License Masaryk University Collaboration Sakai (software) St. Petersburg College Freshman Mass media Accessibility Faculty (division) Foreign language Collaborative softwareCAS | Apereo
www.apereo.org/casCAS | Apereo An open-source Java server component. Pluggable authentication support LDAP, database, X.509, 2-factor . Support for multiple protocols CAS, SAML, OAuth, OpenID . A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others.
www.jasig.org/cas www.apereo.org/projects/cas www.jasig.org/cas apereo.org/projects/cas Java (programming language) Communication protocol Server (computing) UPortal Open-source software X.509 Lightweight Directory Access Protocol Database OpenID OAuth Security Assertion Markup Language Perl PHP Authentication Library (computing) .NET Framework Client (computing) Apache License Apache HTTP Server Moodle